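Nginx Configuration Guide
Nginx is a high-performance web server and reverse proxy server that is widely used across the internet. The following is a brief guide to Nginx on Linux.
Configuration file paths
When installed via apt on a Debian system, Nginx's installation directory is usually /etc/nginx, and the main configuration file is /etc/nginx/nginx.conf.
nginx.conf contents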
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    gzip on;
    include /etc/nginx/conf.d/*.conf;
}
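user: specifies the user that Nginx runs as; the default is nginx. In some cases, if the web files are stored under the /root directory, Nginx may be unable to read them. You can then change user to root (this is not recommended; store the web files in another location instead).
worker_processes: specifies the number of worker processes Nginx starts; it can be set to auto so that the number is chosen automatically from the number of CPU cores.
gzip: enables Gzip compression.
include /etc/nginx/conf.d/*.conf: includes the site configuration files.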
Site configuration examples
Nginx site configuration files are usually stored in the /etc/nginx/conf.d/ directory. To create a site, you only need to create /etc/nginx/conf.d/test.conf.
Static site
HTTP
server {
    listen 80;
    server_name example.com;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
This listens on port 80. When example.com is visited, it serves the static files under the /usr/share/nginx/html directory, with index.html or index.htm as the default index page.
HTTPS
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /www/ssl/private.crt;
    ssl_certificate_key /www/ssl/private.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 497 https://$host$request_uri;
}
Replace ssl_certificate and ssl_certificate_key with the paths to your actual SSL certificate and private key files.
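The TLS settings in the HTTPS block above still permit TLS 1.1 and cipher suites based on 3DES and static RSA key exchange. As an added example (not part of the original page), here is the same static-site server block with those settings tightened; the cipher list is an assumption rather than the page's own, and the other HTTPS blocks on this page can be adjusted the same way.

```nginx
# Added example, not from the original page. server_name, paths and the
# location block are the page's own; the tightened values are assumptions.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /www/ssl/private.crt;
    ssl_certificate_key /www/ssl/private.key;

    # Page's setting: ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    # TLS 1.1 is deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Page's list ends in ...:EECDH+3DES:RSA+3DES:!MD5 and includes RSA+AES*.
    # RSA+... suites use static RSA key exchange (no forward secrecy) and
    # 3DES is a 64-bit block cipher. The list below keeps only ECDHE key
    # exchange with AEAD ciphers. It governs TLS 1.2 and below; TLS 1.3
    # suites are selected separately by OpenSSL.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # "always" sends the HSTS header on error responses too; without it,
    # add_header applies only to a fixed set of 2xx/3xx status codes.
    # An add_header inside a location block would replace this one there.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root  /usr/share/nginx/html;
        index index.html index.htm;
    }

    # 497: a plain-HTTP request arrived on the HTTPS port; redirect it.
    error_page 497 https://$host$request_uri;
}
```

Check the syntax with nginx -t before reloading.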
Automatically redirecting HTTP to HTTPS
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /www/ssl/private.crt;
    ssl_certificate_key /www/ssl/private.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 497 https://$host$request_uri;
}
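Reverse proxy
When the site is not a set of static pages but is served by another application, a reverse proxy is needed. For example: a site written in Java that runs on port 8080.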
HTTP
server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
HTTPS
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /www/ssl/private.crt;
    ssl_certificate_key /www/ssl/private.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    error_page 497 https://$host$request_uri;
}
Replace ssl_certificate and ssl_certificate_key with the paths to your actual SSL certificate and private key files.
Automatically redirecting HTTP to HTTPS
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /www/ssl/private.crt;
    ssl_certificate_key /www/ssl/private.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    error_page 497 https://$host$request_uri;
}